Do not add type tag size to the alloc_typed lowering for GC allocations (#54837)

gbaraldi · vchuravy · commit a88c6389e2a7 · 2024-06-23T18:12:16.000-04:00
Enzyme.jl hit an issue where, in a dynamically typed allocation of size `GC_MAX_SZCLASS`, because we mistakenly added they type tag size to the allocation, the runtime disagreed if this was a pool allocation or a big allocation. Causing a crash in the GC (cherry picked from commit ded0b28)
diff --git a/src/julia_internal.h b/src/julia_internal.h
@@ -508,6 +508,8 @@ STATIC_INLINE uint8_t JL_CONST_FUNC jl_gc_szclass_align8(unsigned sz) JL_NOTSAFE
 #define GC_MAX_SZCLASS (2032-sizeof(void*))
 static_assert(ARRAY_CACHE_ALIGN_THRESHOLD > GC_MAX_SZCLASS, "");
 
+
+// Size does NOT include the type tag!!
 STATIC_INLINE jl_value_t *jl_gc_alloc_(jl_ptls_t ptls, size_t sz, void *ty)
 {
     jl_value_t *v;
diff --git a/src/llvm-final-gc-lowering.cpp b/src/llvm-final-gc-lowering.cpp
@@ -211,7 +211,7 @@ void FinalLowerGC::lowerGCAllocBytes(CallInst *target, Function &F)
         }
     } else {
         auto size = builder.CreateZExtOrTrunc(target->getArgOperand(1), T_size);
-        size = builder.CreateAdd(size, ConstantInt::get(T_size, sizeof(void*)));
+        // allocTypedFunc does not include the type tag in the allocation size!
         newI = builder.CreateCall(allocTypedFunc, { ptls, size, type });
         derefBytes = sizeof(void*);
     }
diff --git a/test/llvmpasses/final-lower-gc.ll b/test/llvmpasses/final-lower-gc.ll
@@ -93,9 +93,8 @@ top:
   %pgcstack = call {}*** @julia.get_pgcstack()
   %ptls = call {}*** @julia.ptls_states()
   %ptls_i8 = bitcast {}*** %ptls to i8*
-; CHECK: %0 = add i64 %size, 8
-; TYPED: %v = call noalias nonnull align {{[0-9]+}} dereferenceable(8) {} addrspace(10)* @ijl_gc_alloc_typed(i8* %ptls_i8, i64 %0, i64 12341234)
-; OPAQUE: %v = call noalias nonnull align {{[0-9]+}} dereferenceable(8) ptr addrspace(10) @ijl_gc_alloc_typed(ptr %ptls_i8, i64 %0, i64 12341234)
+; TYPED: %v = call noalias nonnull align {{[0-9]+}} dereferenceable(8) {} addrspace(10)* @ijl_gc_alloc_typed(i8* %ptls_i8, i64 %size, i64 12341234)
+; OPAQUE: %v = call noalias nonnull align {{[0-9]+}} dereferenceable(8) ptr addrspace(10) @ijl_gc_alloc_typed(ptr %ptls_i8, i64 %size, i64 12341234)
   %v = call {} addrspace(10)* @julia.gc_alloc_bytes(i8* %ptls_i8, i64 %size, i64 12341234)
   %0 = bitcast {} addrspace(10)* %v to {} addrspace(10)* addrspace(10)*
   %1 = getelementptr {} addrspace(10)*, {} addrspace(10)* addrspace(10)* %0, i64 -1

Original file line number	Diff line number	Diff line change
`@@ -508,6 +508,8 @@ STATIC_INLINE uint8_t JL_CONST_FUNC jl_gc_szclass_align8(unsigned sz) JL_NOTSAFE`
`508`	`508`	`#define GC_MAX_SZCLASS (2032-sizeof(void*))`
`509`	`509`	`static_assert(ARRAY_CACHE_ALIGN_THRESHOLD > GC_MAX_SZCLASS, "");`
`510`	`510`
	`511`	`+`
	`512`	`+// Size does NOT include the type tag!!`
`511`	`513`	`STATIC_INLINE jl_value_t jl_gc_alloc_(jl_ptls_t ptls, size_t sz, void ty)`
`512`	`514`	`{`
`513`	`515`	`jl_value_t *v;`
Original file line number	Diff line number	Diff line change
`@@ -211,7 +211,7 @@ void FinalLowerGC::lowerGCAllocBytes(CallInst *target, Function &F)`
`211`	`211`	`}`
`212`	`212`	`} else {`
`213`	`213`	`auto size = builder.CreateZExtOrTrunc(target->getArgOperand(1), T_size);`
`214`		`- size = builder.CreateAdd(size, ConstantInt::get(T_size, sizeof(void*)));`
	`214`	`+ // allocTypedFunc does not include the type tag in the allocation size!`
`215`	`215`	`newI = builder.CreateCall(allocTypedFunc, { ptls, size, type });`
`216`	`216`	`derefBytes = sizeof(void*);`
`217`	`217`	`}`